I don't have any insight into the server; I am just writing the client. I am confused whether the payload itself is not coming or the framework is goofing up trying to decrypt.

Any pointers to debug the issue are appreciated.

Regards,
Aravind

Answers

That particular exception is only thrown from the getCompactSerialization() method when there is no payload set - getCompactSerialization() is the last step on the sending/encrypting side to create the JWE. If you are decrypting, you shouldn't be calling that. Maybe you've got an accidental call somewhere? Otherwise, the code you're using as well as an example raw JWE value might help troubleshoot (and keys, if it's just a test and you can share them).

So first from JWE to JWS,
then from JWS to JWT after verifying the signature. The code below will do that.

// That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
JsonWebEncryption receiverJwe = new JsonWebEncryption();
// Set the compact serialization on the new JsonWebEncryption object.
// This is the JWE value that was received.
receiverJwe.setCompactSerialization(result.toString());
// Symmetric encryption, like we are doing here, requires that both parties have the same key.
// The key will have had to have been securely exchanged out-of-band somehow.
receiverJwe.setKey(secretKeySpec);
// Set the "alg" header, which indicates the key management mode for this JWE.
// In this example we are using the direct key management mode, which means
// the given key will be used directly as the content encryption key.
//receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
//receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
// Get the message that was encrypted in the JWE. This step performs the actual decryption steps.
String jwsPayload = receiverJwe.getPlaintextString();
// And do whatever you need to do with the clear text message.
System.out.println("plaintext: " + jwsPayload);
// Create a new JsonWebSignature object
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(jwsPayload);
jws.setKey(secretKeySpec);
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
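
To tell "the payload never arrived" apart from "decryption is failing", the received value can be inspected without any key before it is handed to JsonWebEncryption. The following is an added example, not part of the original thread and not jose4j code; it uses only the JDK, and the class name, helper names and sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: key-less triage of a received compact serialization.
public class CompactTriage {

    /** Describes a compact JOSE value without decrypting or verifying anything. */
    static String describe(String received) {
        if (received == null || received.trim().isEmpty()) {
            return "EMPTY: nothing was received, so the problem is upstream of decryption";
        }
        // Limit -1 keeps empty parts (the encrypted-key part is empty for alg=dir).
        String[] parts = received.trim().split("\\.", -1);
        String kind;
        if (parts.length == 5) {
            kind = "JWE";
        } else if (parts.length == 3) {
            kind = "JWS";
        } else {
            return "MALFORMED: " + parts.length + " dot-separated parts (JWE has 5, JWS has 3)";
        }
        try {
            // The first part is the base64url-encoded header; it is readable without a key.
            byte[] raw = Base64.getUrlDecoder().decode(parts[0]);
            return kind + " header=" + new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return "MALFORMED: header is not valid base64url (" + e.getMessage() + ")";
        }
    }

    // Helper used only to build the constructed samples below.
    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed samples; the non-header parts are dummy bytes, not real ciphertext.
        String jwe = b64("{\"alg\":\"dir\",\"enc\":\"A128CBC-HS256\",\"cty\":\"JWT\"}")
                + ".." + b64("iv-bytes") + "." + b64("ciphertext") + "." + b64("tag");
        String jws = b64("{\"alg\":\"HS256\"}") + "." + b64("{\"sub\":\"demo\"}") + "." + b64("sig");
        for (String s : new String[] {jwe, jws, "", "<html>502 Bad Gateway</html>"}) {
            System.out.println(describe(s));
        }
    }
}
```

If the header shows an "alg" or "enc" other than the one the client's key is meant for, the failure is a key or algorithm mismatch rather than a missing payload.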